HCoop / jackhill / guix / guix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
guix-install.sh: Support OpenRC.
[jackhill/guix/guix.git] / etc / guix-install.sh
1 #!/bin/sh
2 # GNU Guix --- Functional package management for GNU
3 # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
4 # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
5 # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
6 # Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
7 # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
8 #
9 # This file is part of GNU Guix.
10 #
11 # GNU Guix is free software; you can redistribute it and/or modify it
12 # under the terms of the GNU General Public License as published by
13 # the Free Software Foundation; either version 3 of the License, or (at
14 # your option) any later version.
15 #
16 # GNU Guix is distributed in the hope that it will be useful, but
17 # WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
20 #
21 # You should have received a copy of the GNU General Public License
22 # along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
23
24 # We require Bash but for portability we'd rather not use /bin/bash or
25 # /usr/bin/env in the shebang, hence this hack.
26 if [ "x$BASH_VERSION" = "x" ]
27 then
28 exec bash "$0" "$@"
29 fi
30
31 set -e
32
33 [ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }
34
35 REQUIRE=(
36 "dirname"
37 "readlink"
38 "wget"
39 "gpg"
40 "grep"
41 "which"
42 "sed"
43 "sort"
44 "getent"
45 "mktemp"
46 "rm"
47 "chmod"
48 "uname"
49 "groupadd"
50 "tail"
51 "tr"
52 "xz"
53 )
54
55 PAS=$'[ \033[32;1mPASS\033[0m ] '
56 ERR=$'[ \033[31;1mFAIL\033[0m ] '
57 INF="[ INFO ] "
58
59 DEBUG=0
60 GNU_URL="https://ftp.gnu.org/gnu/guix/"
61 OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
62
63 # This script needs to know where root's home directory is. However, we
64 # cannot simply use the HOME environment variable, since there is no guarantee
65 # that it points to root's home directory.
66 ROOT_HOME="$(echo ~root)"
67
68 # ------------------------------------------------------------------------------
69 #+UTILITIES
70
71 _err()
72 { # All errors go to stderr.
73 printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
74 }
75
76 _msg()
77 { # Default message to stdout.
78 printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
79 }
80
81 _debug()
82 {
83 if [ "${DEBUG}" = '1' ]; then
84 printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
85 fi
86 }
87
88
89 chk_require()
90 { # Check that every required command is available.
91 declare -a warn
92 local c
93
94 _debug "--- [ $FUNCNAME ] ---"
95
96 for c in "$@"; do
97 command -v "$c" &>/dev/null || warn+=("$c")
98 done
99
100 [ "${#warn}" -ne 0 ] &&
101 { _err "${ERR}Missing commands: ${warn[*]}.";
102 return 1; }
103
104 _msg "${PAS}verification of required commands completed"
105 }
106
107 chk_gpg_keyring()
108 { # Check whether the Guix release signing public key is present.
109 _debug "--- [ $FUNCNAME ] ---"
110
111 # Without --dry-run this command will create a ~/.gnupg owned by root on
112 # systems where gpg has never been used, causing errors and confusion.
113 gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
114 _err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
115 echo " wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - | sudo -i gpg --import -"
116 exit 1
117 )
118 }
119
120 chk_term()
121 { # Check for ANSI terminal for color printing.
122 local ansi_term
123
124 if [ -t 2 ]; then
125 if [ "${TERM+set}" = 'set' ]; then
126 case "$TERM" in
127 xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
128 ansi_term=true
129 ;;
130 *)
131 ansi_term=false
132 ERR="[ FAIL ] "
133 PAS="[ PASS ] "
134 ;;
135 esac
136 fi
137 fi
138 }
139
140 chk_init_sys()
141 { # Return init system type name.
142 if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
143 _msg "${INF}init system is: upstart"
144 INIT_SYS="upstart"
145 return 0
146 elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
147 _msg "${INF}init system is: systemd"
148 INIT_SYS="systemd"
149 return 0
150 elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
151 _msg "${INF}init system is: sysv-init"
152 INIT_SYS="sysv-init"
153 return 0
154 elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
155 _msg "${INF}init system is: OpenRC"
156 INIT_SYS="openrc"
157 return 0
158 else
159 INIT_SYS="NA"
160 _err "${ERR}Init system could not be detected."
161 fi
162 }
163
164 chk_sys_arch()
165 { # Check for operating system and architecture type.
166 local os
167 local arch
168
169 os="$(uname -s)"
170 arch="$(uname -m)"
171
172 case "$arch" in
173 i386 | i486 | i686 | i786 | x86)
174 local arch=i686
175 ;;
176 x86_64 | x86-64 | x64 | amd64)
177 local arch=x86_64
178 ;;
179 aarch64)
180 local arch=aarch64
181 ;;
182 armv7l)
183 local arch=armhf
184 ;;
185 *)
186 _err "${ERR}Unsupported CPU type: ${arch}"
187 exit 1
188 esac
189
190 case "$os" in
191 Linux | linux)
192 local os=linux
193 ;;
194 *)
195 _err "${ERR}Your operation system (${os}) is not supported."
196 exit 1
197 esac
198
199 ARCH_OS="${arch}-${os}"
200 }
201
202 # ------------------------------------------------------------------------------
203 #+MAIN
204
205 guix_get_bin_list()
206 { # Scan GNU archive and save list of binaries
207 local gnu_url="$1"
208 local -a bin_ver_ls
209 local latest_ver
210 local default_ver
211
212 _debug "--- [ $FUNCNAME ] ---"
213
214 # Filter only version and architecture
215 bin_ver_ls=("$(wget -qO- "$gnu_url" \
216 | sed -n -e 's/.*guix-binary-\([0-9.]*\)\..*.tar.xz.*/\1/p' \
217 | sort -Vu)")
218
219 latest_ver="$(echo "$bin_ver_ls" \
220 | grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}" \
221 | tail -n1)"
222
223 default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
224
225 if [[ "${#bin_ver_ls}" -ne "0" ]]; then
226 _msg "${PAS}Release for your system: ${default_ver}"
227 else
228 _err "${ERR}Could not obtain list of Guix releases."
229 exit 1
230 fi
231
232 # Use default to download according to the list and local ARCH_OS.
233 BIN_VER="$default_ver"
234 }
235
236 guix_get_bin()
237 { # Download and verify binary package.
238 local url="$1"
239 local bin_ver="$2"
240 local dl_path="$3"
241
242 _debug "--- [ $FUNCNAME ] ---"
243
244 _msg "${INF}Downloading Guix release archive"
245
246 wget --help | grep -q '\--show-progress' && \
247 _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT=""
248 wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"
249
250 if [[ "$?" -eq 0 ]]; then
251 _msg "${PAS}download completed."
252 else
253 _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
254 exit 1
255 fi
256
257 pushd $dl_path >/dev/null
258 gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
259 if [[ "$?" -eq 0 ]]; then
260 _msg "${PAS}Signature is valid."
261 popd >/dev/null
262 else
263 _err "${ERR}could not verify the signature."
264 exit 1
265 fi
266 }
267
268 sys_create_store()
269 { # Unpack and install /gnu/store and /var/guix
270 local pkg="$1"
271 local tmp_path="$2"
272
273 _debug "--- [ $FUNCNAME ] ---"
274
275 cd "$tmp_path"
276 tar --extract \
277 --file "$pkg" &&
278 _msg "${PAS}unpacked archive"
279
280 if [[ -e "/var/guix" || -e "/gnu" ]]; then
281 _err "${ERR}A previous Guix installation was found. Refusing to overwrite."
282 exit 1
283 else
284 _msg "${INF}Installing /var/guix and /gnu..."
285 mv "${tmp_path}/var/guix" /var/
286 mv "${tmp_path}/gnu" /
287 fi
288
289 _msg "${INF}Linking the root user's profile"
290 mkdir -p "${ROOT_HOME}/.config/guix"
291 ln -sf /var/guix/profiles/per-user/root/current-guix \
292 "${ROOT_HOME}/.config/guix/current"
293
294 GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
295 source "${GUIX_PROFILE}/etc/profile"
296 _msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
297 }
298
299 sys_create_build_user()
300 { # Create the group and user accounts for build users.
301
302 _debug "--- [ $FUNCNAME ] ---"
303
304 if [ $(getent group guixbuild) ]; then
305 _msg "${INF}group guixbuild exists"
306 else
307 groupadd --system guixbuild
308 _msg "${PAS}group <guixbuild> created"
309 fi
310
311 for i in $(seq -w 1 10); do
312 if id "guixbuilder${i}" &>/dev/null; then
313 _msg "${INF}user is already in the system, reset"
314 usermod -g guixbuild -G guixbuild \
315 -d /var/empty -s "$(which nologin)" \
316 -c "Guix build user $i" \
317 "guixbuilder${i}";
318 else
319 useradd -g guixbuild -G guixbuild \
320 -d /var/empty -s "$(which nologin)" \
321 -c "Guix build user $i" --system \
322 "guixbuilder${i}";
323 _msg "${PAS}user added <guixbuilder${i}>"
324 fi
325 done
326 }
327
328 sys_enable_guix_daemon()
329 { # Run the daemon, and set it to automatically start on boot.
330
331 local info_path
332 local local_bin
333 local var_guix
334
335 _debug "--- [ $FUNCNAME ] ---"
336
337 info_path="/usr/local/share/info"
338 local_bin="/usr/local/bin"
339 var_guix="/var/guix/profiles/per-user/root/current-guix"
340
341 case "$INIT_SYS" in
342 upstart)
343 { initctl reload-configuration;
344 cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
345 /etc/init/ &&
346 start guix-daemon; } &&
347 _msg "${PAS}enabled Guix daemon via upstart"
348 ;;
349 systemd)
350 { # systemd .mount units must be named after the target directory.
351 # Here we assume a hard-coded name of /gnu/store.
352 # XXX Work around <https://issues.guix.gnu.org/41356> until next release.
353 if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
354 cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
355 /etc/systemd/system/;
356 chmod 664 /etc/systemd/system/gnu-store.mount;
357 systemctl daemon-reload &&
358 systemctl enable gnu-store.mount;
359 fi
360
361 cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
362 /etc/systemd/system/;
363 chmod 664 /etc/systemd/system/guix-daemon.service;
364
365 # Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
366 sed -i /etc/systemd/system/guix-daemon.service \
367 -e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";
368
369 # Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
370 if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
371 then sed -i /etc/systemd/system/guix-daemon.service \
372 -e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
373 fi;
374
375 systemctl daemon-reload &&
376 systemctl enable guix-daemon &&
377 systemctl start guix-daemon; } &&
378 _msg "${PAS}enabled Guix daemon via systemd"
379 ;;
380 sysv-init)
381 { mkdir -p /etc/init.d;
382 cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
383 /etc/init.d/guix-daemon;
384 chmod 775 /etc/init.d/guix-daemon;
385
386 update-rc.d guix-daemon defaults &&
387 update-rc.d guix-daemon enable &&
388 service guix-daemon start; } &&
389 _msg "${PAS}enabled Guix daemon via sysv"
390 ;;
391 openrc)
392 { mkdir -p /etc/init.d;
393 cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
394 /etc/init.d/guix-daemon;
395 chmod 775 /etc/init.d/guix-daemon;
396
397 rc-update add guix-daemon default &&
398 rc-service guix-daemon start; } &&
399 _msg "${PAS}enabled Guix daemon via OpenRC"
400 ;;
401 NA|*)
402 _msg "${ERR}unsupported init system; run the daemon manually:"
403 echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
404 ;;
405 esac
406
407 _msg "${INF}making the guix command available to other users"
408
409 [ -e "$local_bin" ] || mkdir -p "$local_bin"
410 ln -sf "${var_guix}/bin/guix" "$local_bin"
411
412 [ -e "$info_path" ] || mkdir -p "$info_path"
413 for i in ${var_guix}/share/info/*; do
414 ln -sf "$i" "$info_path"
415 done
416 }
417
418 sys_authorize_build_farms()
419 { # authorize the public key of the build farm
420 while true; do
421 read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
422 case $yn in
423 [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
424 _msg "${PAS}Authorized public key for ci.guix.gnu.org";
425 break;;
426 [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
427 break;;
428 *) _msg "Please answer yes or no.";
429 esac
430 done
431 }
432
433 sys_create_init_profile()
434 { # Create /etc/profile.d/guix.sh for better desktop integration
435 # This will not take effect until the next shell or desktop session!
436 [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
437 cat <<"EOF" > /etc/profile.d/guix.sh
438 # _GUIX_PROFILE: `guix pull` profile
439 _GUIX_PROFILE="$HOME/.config/guix/current"
440 if [ -L $_GUIX_PROFILE ]; then
441 export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
442 # Export INFOPATH so that the updated info pages can be found
443 # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
444 # When INFOPATH is unset, add a trailing colon so that Emacs
445 # searches 'Info-default-directory-list'.
446 export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
447 fi
448
449 # GUIX_PROFILE: User's default profile
450 GUIX_PROFILE="$HOME/.guix-profile"
451 [ -L $GUIX_PROFILE ] || return
452 GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
453 export GUIX_PROFILE GUIX_LOCPATH
454
455 [ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
456
457 # set XDG_DATA_DIRS to include Guix installations
458 export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
459 EOF
460 }
461
462 welcome()
463 {
464 cat<<"EOF"
465 ░░░ ░░░
466 ░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
467 ░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
468 ░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
469 ░▒▒▒▒░ ░░░░░░
470 ▒▒▒▒▒ ░░░░░░
471 ▒▒▒▒▒ ░░░░░
472 ░▒▒▒▒▒ ░░░░░
473 ▒▒▒▒▒ ░░░░░
474 ▒▒▒▒▒ ░░░░░
475 ░▒▒▒▒▒░░░░░
476 ▒▒▒▒▒▒░░░
477 ▒▒▒▒▒▒░
478 _____ _ _ _ _ _____ _
479 / ____| \ | | | | | / ____| (_)
480 | | __| \| | | | | | | __ _ _ ___ __
481 | | |_ | . ' | | | | | | |_ | | | | \ \/ /
482 | |__| | |\ | |__| | | |__| | |_| | |> <
483 \_____|_| \_|\____/ \_____|\__,_|_/_/\_\
484
485 This script installs GNU Guix on your system
486
487 https://www.gnu.org/software/guix/
488 EOF
489 echo -n "Press return to continue..."
490 read -r ANSWER
491 }
492
493 main()
494 {
495 local tmp_path
496 welcome
497
498 _msg "Starting installation ($(date))"
499
500 chk_term
501 chk_require "${REQUIRE[@]}"
502 chk_gpg_keyring
503 chk_init_sys
504 chk_sys_arch
505
506 _msg "${INF}system is ${ARCH_OS}"
507
508 umask 0022
509 tmp_path="$(mktemp -t -d guix.XXX)"
510
511 guix_get_bin_list "${GNU_URL}"
512 guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
513
514 sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
515 sys_create_build_user
516 sys_enable_guix_daemon
517 sys_authorize_build_farms
518 sys_create_init_profile
519
520 _msg "${INF}cleaning up ${tmp_path}"
521 rm -r "${tmp_path}"
522
523 _msg "${PAS}Guix has successfully been installed!"
524 _msg "${INF}Run 'info guix' to read the manual."
525
526 # Required to source /etc/profile in desktop environments.
527 _msg "${INF}Please log out and back in to complete the installation."
528 }
529
530 main "$@"
jackhill's copy of GNU Guix: https://guix.gnu.org/